openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:2636-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2024.2636.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (SUSE-SU-2024:2636-1)

Summary: The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2024:2636-1 advisory.

Description: Summary:
The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2024:2636-1 advisory.

Vulnerability Insight:
Security Fixes:
* A malicious DNS client that sent many queries over TCP but
never read the responses could cause a server to respond slowly
or not at all for other clients. This has been fixed.
(CVE-2024-0760)
* It is possible to craft excessively large resource records
sets, which have the effect of slowing down database
processing. This has been addressed by adding a configurable
limit to the number of records that can be stored per name and
type in a cache or zone database. The default is 100, which can
be tuned with the new max-records-per-type option.
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
* Due to a logic error, lookups that triggered serving stale data
and required lookups in local authoritative zone data could
have resulted in an assertion failure. This has been fixed.
* Potential data races were found in our DoH implementation,
related to HTTP/2 session object management and endpoints set
object management after reconfiguration. These issues have been
fixed.
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)

Affected Software/OS:
'bind' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-0760
Common Vulnerability Exposure (CVE) ID: CVE-2024-1737
Common Vulnerability Exposure (CVE) ID: CVE-2024-1975
Common Vulnerability Exposure (CVE) ID: CVE-2024-4076

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.2636.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:2636-1)
Summary:	The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2024:2636-1 advisory.
Description:	Summary: The remote host is missing an update for the 'bind' package(s) announced via the SUSE-SU-2024:2636-1 advisory. Vulnerability Insight: Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) Affected Software/OS: 'bind' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-0760 Common Vulnerability Exposure (CVE) ID: CVE-2024-1737 Common Vulnerability Exposure (CVE) ID: CVE-2024-1975 Common Vulnerability Exposure (CVE) ID: CVE-2024-4076
Copyright	Copyright (C) 2025 Greenbone AG